summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorSimon Charette <charette.s@gmail.com>2022-06-19 23:46:22 -0400
committerMariusz Felisiak <felisiak.mariusz@gmail.com>2022-07-06 07:40:07 +0200
commit877c800f255ccaa7abde1fb944de45d1616f5cc9 (patch)
tree1fd6fa46ea847249eab6339213d4de5ee8f05f65 /docs
parent73766c118781a7f7052bf0a5fbee38b944964e31 (diff)
Refs CVE-2022-34265 -- Properly escaped Extract() and Trunc() parameters.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Diffstat (limited to 'docs')
-rw-r--r--docs/releases/4.1.txt14
1 files changed, 14 insertions, 0 deletions
diff --git a/docs/releases/4.1.txt b/docs/releases/4.1.txt
index ad6400c665..49bbf2dec2 100644
--- a/docs/releases/4.1.txt
+++ b/docs/releases/4.1.txt
@@ -459,6 +459,20 @@ backends.
``DatabaseOperations.insert_statement()`` method is replaced by
``on_conflict`` that accepts ``django.db.models.constants.OnConflict``.
+* Several date and time methods on ``DatabaseOperations`` now take ``sql`` and
+ ``params`` arguments instead of ``field_name`` and return 2-tuple containing
+ some SQL and the parameters to be interpolated into that SQL. The changed
+ methods have these new signatures:
+
+ * ``DatabaseOperations.date_extract_sql(lookup_type, sql, params)``
+ * ``DatabaseOperations.datetime_extract_sql(lookup_type, sql, params, tzname)``
+ * ``DatabaseOperations.time_extract_sql(lookup_type, sql, params)``
+ * ``DatabaseOperations.date_trunc_sql(lookup_type, sql, params, tzname=None)``
+ * ``DatabaseOperations.datetime_trunc_sql(self, lookup_type, sql, params, tzname)``
+ * ``DatabaseOperations.time_trunc_sql(lookup_type, sql, params, tzname=None)``
+ * ``DatabaseOperations.datetime_cast_date_sql(sql, params, tzname)``
+ * ``DatabaseOperations.datetime_cast_time_sql(sql, params, tzname)``
+
:mod:`django.contrib.gis`
-------------------------